JavaScriptCore-7601.1.46.3.tar.gz
diff --git a/tests/stress/get-argument-by-val-in-inlined-varargs-call-out-of-bounds.js b/tests/stress/get-argument-by-val-in-inlined-varargs-call-out-of-bounds.js
new file mode 100644 (file)
index 0000000..0f210ce
--- /dev/null
@@ -0,0 +1,31 @@
+var gi;
+
+function foo() {
+    return arguments[gi];
+}
+
+function bar(array, i) {
+    gi = i;
+    return foo.apply(this, array);
+}
+
+noInline(bar);
+
+var bigArray = [];
+for (var i = 0; i < 50; ++i)
+    bigArray.push(42);
+
+for (var i = 0; i < 10000; ++i) {
+    var mi = i % 50;
+    var result = bar(bigArray, mi);
+    if (result !== 42)
+        throw "Bad result in first loop: " + result + "; expected: " + 42;
+}
+
+for (var i = 0; i < 10000; ++i) {
+    var mi = i % 100;
+    var result = bar([42], mi);
+    var expected = mi ? void 0 : 42;
+    if (result !== expected)
+        throw "Bad result in second loop: " + result + "; expected: " + expected;
+}
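Review bot: The out-of-bounds coverage in the second loop stops at small positive indices: `mi` runs from 0 to 99 against a one-element argument list, so negative and very large values of `gi` never reach `arguments[gi]` in `foo`. Those are the inputs where a signed/unsigned mix-up in a compiled bounds check would most likely show, so a few probes after the loop would be worth adding, for example `if (bar([42], -1) !== void 0) throw "Bad result for negative index";` and the same with `4294967296`. The file also has no header comment; something like `// arguments[gi] in a function called through apply() must yield undefined, never stale memory, once gi is past the actual argument count.` would say why the first loop (which appears to warm up the in-bounds path) comes before the out-of-bounds one.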